☠ Bluetouff on air

Wednesday 29 May 2013

A couple of months ago, we investigated Blue Coat Systems' role in Syrian censorship and in a large-scale man-in-the-middle attack. A few days ago, some Telecomix agents posted a scary paste on Pastebin. Blue Coat is still selling hardware to Syria, despite a $2,800,000 fine last year for circumventing the embargo on Syria. It's a fact that the Middle East is a wide market for some French (like Qosmos or Amesys) and American firms (like Cisco or Blue Coat).

Blue Coat Systems sells a wide range of security appliances including advanced cache control, deep packet inspection, traffic shaping and firewall features. In other words, these security appliances can be used for network security purposes as well as for network censorship and surveillance. Selling this kind of device to Iran or Syria is not a trivial business. We all know that a connected device, a computer or a smartphone, can be your best friend and your worst enemy too, especially in a country where bloggers are sentenced to up to 19 and a half years in prison.

After yesterday's article exposing brand new Blue Coat devices in Syria, we focused on Syria's best allies, so we naturally turned to Iran. ShodanHQ previously identified 171 Blue Coat devices, all concentrated in two cities: Chadegan (138 devices) and Shahreza (33 devices). These devices are owned by local Iranian ISPs and mobile operators. Blue Coat seems to be very popular in Iran, but Cisco remains the leader in the Iranian market.

Several European and American hardware manufacturers sell censorship and surveillance solutions in Iran.

The last IP address is very interesting: it appears to be an AS12880 (Information Technology Company) address. Great news for me... this AS seems to peer with every ISP in Iran. The Iranian Big Brother might be somewhere here. 217.218.158.42 answers ping, but an external port scan shows no open ports.

The censorship infrastructure might be difficult to spot on the ITC network. Some devices may operate in passive mode, with no publicly reachable IP address. But as we can visit the Iranian Internet as Iranians do, we'll try in the next article to understand who, and which devices, are filtering the Internet in Iran.

Wednesday 1 August 2012

It's been more than a year since I last wrote anything on this blog. It's also been more than a year that I've been taking a close look at Syria with my friends from Telecomix, FHIMT and Reflets.info. During this year, we've been tracking European and American companies selling surveillance technologies to countries that use them against political opponents: to identify them, track them, arrest them, torture them, and then kill them.

But we did not forget Bahrain.

We identified, through a leaked official document, that Finfisher technology (from the UK company Gamma Group) was responsible for tracking activists in Bahrain. Finfisher is a collection of intrusive tools to break into any computer, maintain access and spy deeply on anyone connected to the Internet.

The leaked document is in Arabic; translations will soon be available in French and in English on Reflets.info.

Sunday 17 April 2011

You might have followed us last night doing a bit of tourism in the wonderful Syrian Internet. As we had a lot of fun playing with Bachar, we thought Hamad might get jealous.
This pad is dedicated to you, Hamad.

You can kill your people and shit on freedom in Bahrain... but never forget that hackers are watching you... we're close... even closer.

We do not attack, we're just tourists. Then we take pictures to show them to our friends from the Internets.

Hope you'll enjoy our journey as much as we did

/-)

Leak it Baby :

First step : asking a good friend for the best way to have a nice touristic journey :

Sunday 24 October 2010

Even if I did not get the time to play with my new phone, a Samsung Galaxy S, I must say I feel quite excited to plan some hacky stuff with it and the Android OS that it runs. Android is a really cool platform that lets advanced users play with modified firmwares to extend its features. Official and beta firmwares for the Galaxy S can be found here; this page could save your life if something goes wrong with the following hacks. Consider having a look at the new Samsung Flash wiki page and at the i9000 official flashing guide. If you are not familiar with flashing devices or running tools that could brick your phone, please, do not even try.

Here is my first impression of this device :

Effortless root ;

Multitasking ;

Android has many useful apps that just work for professional use (excellent email app, SIP, tethering that actually works for no money ...) ;

Android makes your phone highly hackable, and some apps like Touiteur are a very good surprise.

Issues :

No SSHd by default; I just recommend QuickSSHd, an inexpensive but useful app ;

A strange behavior with GPS: Samsung USA recently admitted an issue and was planning to fix it in September. I have not seen such an (official) fix yet;

Memory access may sometimes be slow, which is a software issue, but a lagfix can be applied once the phone is rooted. The 1GHz CPU should be fast enough.

Last point, which is not related to the phone itself but to operators that filter HTTP requests coming from a tethered computer's browser. But should I need more than an SSH terminal? Well, a browser might be useful, so you will easily find a way to cheat them by modifying the user agent parameter of your browser, using this plugin for Chrome or this one for Firefox.

What could be improved

The default factory firmware has the GPS bug, but I recently moved to Froyo, which is not an official firmware, and the GPS works perfectly on it.

There are not as many great 3D games on Android. If you're a gamer, unless you are an absolute fan of Asphalt 5, you should consider using an iPhone. I hope some companies like Gameloft or Electronic Arts will launch more 3D games on Android.

Sunday 8 August 2010

I had a few troubles adding a new configuration in Tunnelblick, a cool free VPN client for OS X. The documentation of my provider was not so clear and a small mistake cost me some time getting started.

I already had a previous configuration, and when I read the documentation of my new VPN provider, I was told to drop the config files in the openvpn folder located in the Library folder of my Home directory. Of course, I had no "openvpn" folder there. After a few greps, I found the right place: on Snow Leopard, you have to put your configuration files in /Users/yourname/Library/Application\ Support/Tunnelblick/Configurations/

Move to the folder where your new VPN provider's configuration files are :

$ cd /Users/yourname/Desktop/MyConfFiles

Check that you have copied your .pem, .crt and .key files along with the other config files, then copy your new configuration files to the Tunnelblick configuration folder :
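As an added example (not from the original post), here is a small POSIX shell helper that does the check described above before copying: it reads the ca/cert/key/tls-auth directives from the .ovpn file, refuses to install the bundle if any referenced file is missing, and otherwise copies everything into the Tunnelblick Configurations folder. The directive parsing and the TUNNELBLICK_DIR variable are my assumptions, not something the post describes.

```shell
#!/bin/sh
# Added example, not code from the original post.
# TUNNELBLICK_DIR defaults to the Snow Leopard path given in the post;
# override it (e.g. for testing) by exporting the variable beforehand.
TUNNELBLICK_DIR="${TUNNELBLICK_DIR:-$HOME/Library/Application Support/Tunnelblick/Configurations}"

# referenced_files DIR CONF
# Prints the file names referenced by the ca/cert/key/tls-auth directives
# of CONF, one per line (assumption: one file name per directive line,
# without spaces, e.g. "ca ca.crt" or "tls-auth ta.key 1").
referenced_files() {
    awk '$1 ~ /^(ca|cert|key|tls-auth)$/ { print $2 }' "$1/$2"
}

# check_ovpn_bundle DIR CONF
# Returns 0 when CONF and every file it references exist in DIR,
# 1 otherwise (each missing file is reported on stderr).
check_ovpn_bundle() {
    dir="$1"; conf="$2"; missing=0
    [ -f "$dir/$conf" ] || { echo "missing config: $conf" >&2; return 1; }
    for f in $(referenced_files "$dir" "$conf"); do
        if [ ! -f "$dir/$f" ]; then
            echo "missing file referenced by $conf: $f" >&2
            missing=1
        fi
    done
    return $missing
}

# install_ovpn_bundle DIR CONF
# Copies CONF and its referenced files into TUNNELBLICK_DIR, but only
# when the bundle is complete, so a half-copied configuration never
# lands in the folder Tunnelblick scans.
install_ovpn_bundle() {
    dir="$1"; conf="$2"
    check_ovpn_bundle "$dir" "$conf" || return 1
    mkdir -p "$TUNNELBLICK_DIR" || return 1
    cp "$dir/$conf" "$TUNNELBLICK_DIR/" || return 1
    for f in $(referenced_files "$dir" "$conf"); do
        cp "$dir/$f" "$TUNNELBLICK_DIR/" || return 1
    done
    # Private keys should not stay readable by other local users.
    chmod 600 "$TUNNELBLICK_DIR"/*.key 2>/dev/null || true
    return 0
}

# Usage (assumed paths): install_ovpn_bundle ~/Desktop/MyConfFiles client.ovpn
```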

Wednesday 21 July 2010

Application virtualization is now a security-oriented feature implemented by Dell for the Mozilla Firefox web browser. The French website PCInpact explains that only Internet Explorer 8 and Chrome have implemented a sandbox to limit the risk of a browser exploit compromising the whole system.

Firefox is now so popular that Dell decided to provide its own secured environment with Kace (a Dell subsidiary). Kace not only guards against Firefox vulnerabilities, it also protects users from the use of critical plugins like Flash and Adobe Reader.

Tuesday 20 July 2010

The Piratpartiet (Swedish Pirate Party) seems about to become an ISP. It's the first known initiative of that kind, a political party providing a connection to the Internets, but it seems to be a very good way to deliver a service that gives an ethical answer to the fight for Net Neutrality. Pirateisp will soon provide connections from 10mb to 1gb; you can check the price list here (prices range from 26 to 55 €).